**Teaching Cybersecurity by Letting Students Break Things**

When it comes to teaching cybersecurity, traditional methods often fall short in engaging students and preparing them for real-world threats. A new study from Airbus Cybersecurity and Dauphine University reveals a more effective approach: letting students break things.

The research highlights the challenges of conveying complex security risks through lectures alone. Students often suffer from "theory fatigue," where they become desensitized to abstract concepts without practical application. To combat this, the study's authors developed a course that placed students in structured hacking scenarios, social engineering exercises, and competitive games.

By putting students in the shoes of attackers, analysts, and incident responders, the course encouraged them to think critically about security risks and decision-making processes. The researchers observed significant increases in student engagement and confidence as they worked through hands-on exercises, such as mapping attack paths against simulated organizations and analyzing threat intelligence reports.

One key aspect of the course was its focus on practical skills over tooling. Students learned by doing, rather than just being told what to do. For example, early exercises focused on planning and strategy, while later sessions introduced more technical aspects, such as digital forensics.

The study also explored insider-driven risk, dividing it into three categories: unintentional actions, intentional non-malicious behavior, and deliberate misuse. Students took part in exercises built around simulated phishing emails and policy conflicts, and even designed future attack scenarios involving trusted users.

These scenarios improved student awareness of social influence and ethical boundaries, highlighting how ordinary actions can escalate into incidents. The course culminated with a "capture the flag" challenge, where students collaborated to unlock devices, decode clues, and interact with staff members who consented to participate.

The researchers observed high levels of collaboration and competition during this phase, with some groups locating multiple flags and demonstrating persistence and adaptive thinking. Debrief sessions focused on analyzing the techniques used and on preventing similar attacks in operational environments.

Qualitative feedback from students revealed a consistent story: the course was challenging but engaging, and participants enjoyed uncovering clues and making sense of incomplete information. Group discussions grew more animated over time, with collaboration extending beyond scheduled sessions.

These results align with findings from an external study, which reported that 86% of hackathon participants take part primarily to learn. They demonstrate that challenge-driven formats resonate strongly with learner motivation and are effective in preparing students for real-world cybersecurity threats.